On 25/06/2009, at 10:46 AM, Jamie Lokier wrote:
>This is what I've found, for the paranoid:
>
> Pragma: no-cache
> Cache-Control: no-cache,max-age=0,must-revalidate,pre-
>check=0,post-check=0
> Expires: VERY-OLD-DATE
>
>The apparently redundant fields are in case of implementations which
>don't understand, or don't correctly implement, the other fields.
>
>There's probably a browser out there which doesn't understand
>"Cache-Control: no-cache,..." when there's anything else on the same
>line. IE had a reputation for being a bit rigid in how it recognises
>some headers. But I'm pretty sure anything like that will recognise
>"Pragma: no-cache" so it doesn't matter.
We can also add:
If client may be Opera (who knows about others), going from other
messages in this thread:
- Use HTTPS if you do want caching but you want must-revalidate to
be honoured in history browsing. A complicated quirk, yet
important to anything with sessions revealing personal data.
- Cache-Control: no-cache doesn't prevent caching. You may still
see If-Modified requests, validating a response which was sent
with no-cache.
-- Jamie